Great tips! I did most of what is said on this video plus I have my Synology NAS set up that it can only be accessed outside my LAN via VPN (custom one using Wireguard). 💪
@2:06 I suggest setting the values a tad smaller than defaults. Attackers know the defaults and wont try past the default. If you reduce the number of tries just by 1 you can capture those who try to fool the system to not get banned.
I came across your site while searching for instructions on reverse proxy and I found your videos to be very informative and well explained. 👍 Greetings from Germany 👋👋👋
Amazing video Frank, spot on on all everything. Plus, is so well delivered and easy to stay engaged for the entire video. You should have a million subs!
Seriously, you have become my favorite Synology channel of all! Always, articulate and precise on steps to take and recommendations. Thanks for that! 👍🏻 So, I have setup two local NAS’s. A primary 1821 (SHR-2) and secondary 1621 (SHR). I use ABB to backup all my PC’s/Mac and Hyper Backup to backup my primary NAS to my secondary NAS. In addition I have a 920+ offsite with Hyper Backups through a Tailscale VPN. So, I fell great having succeeded at an implementing a 3-2-1 backup strategy. However, I have never setup Snapshot! I know! 🤦🏻♂️ But your video has inspired me to do so. One question, are Snapshots only allowed on the same NAS or can you have Snapshots saved on another local or remote NAS as well? Or if they must be saved on the local storage pool and you are using Hyoer Backup to backup to a separate local and remote NAS, I assume Snapshots are saved within those backups as well, correct? Again, thank you! 👍🏻👍🏻
Thank you very much! Your setup sound awesome!! You can actually replicate data/snapshots to a secondary NAS if you'd like. After configuring them, select the "Replication" tab, and your second NAS should appear in the remote section. You will have to connect with your account and select which folder(s) you want to sync, but after you do, the data will sync from NAS A to NAS B, as well as the snapshots (if you selected that option). Keep in mind that this will sync the data as well, but it's a great option. Here's a tutorial on it if interested, but honestly, if you're happy with how it's currently working, setting up snapshots on both should be more than enough! www.wundertech.net/synology-nas-snapshot-replication-sync-snapshots-to-a-synology-nas/
@@WunderTechTutorials Hey, thanks so much for taking the time to reply in detail! Much appreciated! I will definitely give it a go! Great security tips! Happy New Year sir! 👍🏻
I've said it before, but I'll say it again. Your new vid format really hits different. Thank you. Out of curiosity do you do any paid consulting service?
Love the pace of the instruction been given, could you do a video on how to share a folder, please in easy steps, I am a newbie and has setup a shared folder for household use but cannot get my wife to access the folder try the team share but just a spinning wheel.
Thank you so much. I asked this question on an older video of yours, but I don't know if the video is still being monitored. How do I assign shared folders to a network interface. I want any user on LAN2 (IoT/Guest subnet) to be limited to only video and music shared folders even if it is a user with full administrator access.
Great video! I have two questions for you: - What's the real advantage of Snapshots compared to the recycle bin, which also allows you to recover deleted files? - Is a firewall and/or VPN connection useful when you already use 2FA to connect to your NAS? What are the possible risks of not using a VPN, for example, and relying solely on 2FA with QuickConnect? Thanks! :)
Thanks! Snapshots are generally for file recovery - don't think deleted files, think accidently updated files or more severe things like ransomware and being able to recover from them. A VPN is significantly more secure - it's the difference between the NAS being accessible (and thus, attackable) to the entire world and not being accessible to the entire world.
Excellent security reminders! An idea for a future video perhaps could be one on Hyper Backup and versioning vs single backup options - especially for the versioning and how the software to access versions works on desktop machines. You may have already touched on this on your past videos? I’m in the process of working this out now as I want to be able to access my versions in the advent the NAS storage pool was to fail.
Thanks! I do have an older Hyper Backup video that I think shows the Windows application and viewing files, but I might be mistaken. I have something similar coming up soon (I hope)...just need to refine the idea a little! Thanks for watching!
Thanks for the video... Very well put together. Sadly for me.... I have far to much data for the cloud backup services to be a cost effective option 35TB of data would be so expensive I could buy a 2nd 1522+ in a few months Maybe next year I will buy the expansion unit and back up to that.
@@Steve_Just_Steve I second that. In my case, it's in my detached garage. On the same property, but at least it's out of the house where the main NAS is located.
The tech goat 🐐- thanks again for your knowledge. Do you know what the best external USB drive is for hyperbackup? I tried using an external enclosure with a seagate 8tb drive and it keeps disconnecting. I have the ds923+
Thank you! Before you purchase a new one, there's an option that's available when you create the task that says something like "remove destination external device when backup finishes". Do you know if you enabled that? If you did, the external HDD will unmount every time the backup finishes. Unfortunately, I think the only way to disable that is to recreate the backup task, but it will stop the HDD from disconnecting and is definitely the first thing to check. If that still doesn't work, I have always used WD EasyStore and haven't had any problems with them.
@@WunderTechTutorials Oh, sorry I should have been more clear. When I say it keeps disconnecting, it does within the first 1-2 minutes of being plugged into the NAS. And the only unreliable solution is to plug in a usb-hub and then plug the external drive into the hub. It lasts longer than a minute, but still not long enough to complete a hyperbackup. I already opened up a ticket with Synology but they aren’t helpful. Is synology NAS really that picky for which type of external drive is being plugged in? Seems a bit crazy. I tried all ports. And even tried a different enclosure.
@@JBehrMusic Got it! Sorry for the confusion. In that case, have you tried to update the firmware on the eHDD? You won't be able to do it on the NAS (assuming new firmware even exists), but you should be able to do it on a PC/Mac. www.seagate.com/support/kb/firmware-updates-for-seagate-products-207931en/ To answer your initial question though, I use WD Easystore drives and never had problems, but I'd try and get the problem solved if possible so you don't need to buy a new one.
I would say there’s a best drive over say, all should work fine regarding backups to it from the NAS. I’ve found getting the cheapest slower spinning drives like WD Blue very affordable and as it’s for backup speed isn’t of the essence here (they still achieve around 160mb/sec)
Regarding the firewall and being exposed to the internet... I connect to my Synology remotely with Tailscale which doesn't need to forward ports. Would you use the firewall ?
The firewall is tough from a suggestion standpoint, because I do use it but I acknowledge that it's not necessary for most. If you want to use it simply to keep yourself in check like I mentioned in the video, I think it's a great option. The only other thought would be if you have multiple Tailscale clients and only want certain users to access the NAS. If you don't want to use it for either of those reasons, I'm not sure I'd go crazy implementing it, but it's not a "bad" thing to implement by any means.
For me, I disabled the firewall feature on my Synology NAS'es as I find it redundant and unnecessary since I already have a hardware firewall managing my entire network (including my Synology NAS'es) In fact, it was the culprit of my recent troubleshooting of why I can't access one of my NAS'es when using VPN. I forgot to disable the firewall on one of my Synology NAS'es and it was treating the VPN IP as a foreign one due to the way I have the Synology firewall rule set up. 😅
Any nas 20+/xs or newer has immutable support, 7 day retention immutable snapshot is probably be fine for most (14 to 30 day if your experienced with managing space or business use) enable 2fa everyone (people recantly getting there nas compromised because dsm is available to the internet)
How do I restrict access to my NAS so only 3 specified devices I have will be able to access the NAS? I tried using commands in DD-WRT and I tried establishing an allow rule for the 3 devices then a deny rule for all others, placing the deny rule at the bottom of the rules list. Neither of those methods were successful in blocking access from other devices, whether internal to my network or not. The command I used in DD-WRT were rules for iptables.
I don't have any experience with DD-WRT, but you should be able to do it in Synology's firewall. If it's not working, confirm if it's using IPv4 or IPv6 as it might be connecting via IPv6.
It's very tricky to lock down while still enabling single services on the Synology such as Surveilance Station - by default you are forced to keep DSM access open for the DSCam app to work. I struggled quite a bit with the security settings on the NAS and firewall to get this to work properly (basically you have to define custom SurvStation ports to differentiate them from DSM)
Best to just use a dedicated Synology nas for surveillance station (why I got NVR1218 it's old but works perfectly fine with 4 cams as it includes 4 licenses, normally it's 2)
Finally a youtuber without background music!!! pure silence, only your voice! thank you for that!!!
Excellent work, sir! Thank you for your videos, Synology should pay you a ton of cash for those awesome guides
Great tips! I did most of what is said on this video plus I have my Synology NAS set up that it can only be accessed outside my LAN via VPN (custom one using Wireguard). 💪
@2:06 I suggest setting the values a tad smaller than defaults. Attackers know the defaults and wont try past the default. If you reduce the number of tries just by 1 you can capture those who try to fool the system to not get banned.
I came across your site while searching for instructions on reverse proxy and I found your videos to be very informative and well explained. 👍 Greetings from Germany
👋👋👋
Thanks for watching and glad they've helped!
Great explanation of all the important features and functions - thanks
Amazing video Frank, spot on on all everything. Plus, is so well delivered and easy to stay engaged for the entire video. You should have a million subs!
Thanks, Tony! Appreciate you watching and thank you for the kind words!
Seriously, you have become my favorite Synology channel of all! Always, articulate and precise on steps to take and recommendations. Thanks for that! 👍🏻
So, I have setup two local NAS’s. A primary 1821 (SHR-2) and secondary 1621 (SHR). I use ABB to backup all my PC’s/Mac and Hyper Backup to backup my primary NAS to my secondary NAS. In addition I have a 920+ offsite with Hyper Backups through a Tailscale VPN. So, I fell great having succeeded at an implementing a 3-2-1 backup strategy.
However, I have never setup Snapshot! I know! 🤦🏻♂️ But your video has inspired me to do so. One question, are Snapshots only allowed on the same NAS or can you have Snapshots saved on another local or remote NAS as well? Or if they must be saved on the local storage pool and you are using Hyoer Backup to backup to a separate local and remote NAS, I assume Snapshots are saved within those backups as well, correct?
Again, thank you! 👍🏻👍🏻
Thank you very much! Your setup sound awesome!! You can actually replicate data/snapshots to a secondary NAS if you'd like. After configuring them, select the "Replication" tab, and your second NAS should appear in the remote section. You will have to connect with your account and select which folder(s) you want to sync, but after you do, the data will sync from NAS A to NAS B, as well as the snapshots (if you selected that option). Keep in mind that this will sync the data as well, but it's a great option.
Here's a tutorial on it if interested, but honestly, if you're happy with how it's currently working, setting up snapshots on both should be more than enough! www.wundertech.net/synology-nas-snapshot-replication-sync-snapshots-to-a-synology-nas/
@@WunderTechTutorials Hey, thanks so much for taking the time to reply in detail! Much appreciated! I will definitely give it a go! Great security tips! Happy New Year sir! 👍🏻
@@tonyvalenti6614 Happy New Year!
Great video! Very infomrative and to the point! In my favourites list and subbed.
Thank you so much.
Just what the doctor ordered!
Great video Frank. Every step is explained superbly! once again, this one goes straight to my favorite videos playlist! Excellent job!
Thanks, Avi! Appreciate you watching!
I've said it before, but I'll say it again. Your new vid format really hits different. Thank you.
Out of curiosity do you do any paid consulting service?
Thank you very much! I really appreciate it! Yes, I do: www.wundertech.net/wundertech-consulting/
I have had a session with Frank and it is worth every penny
great info i only got a synology nas for an off site back up my home system is overkill for most stuff
Love the pace of the instruction been given, could you do a video on how to share a folder, please in easy steps, I am a newbie and has setup a shared folder for household use but cannot get my wife to access the folder try the team share but just a spinning wheel.
Thanks so much! I'll add it to my list, but have you considered using Synology Drive? Might be what you're looking for.
Thank you so much. I asked this question on an older video of yours, but I don't know if the video is still being monitored.
How do I assign shared folders to a network interface. I want any user on LAN2 (IoT/Guest subnet) to be limited to only video and music shared folders even if it is a user with full administrator access.
its very Valuable video for me- what I looking for , thank you
Brill vid so useful thank you
Thank you.
Great video! I have two questions for you:
- What's the real advantage of Snapshots compared to the recycle bin, which also allows you to recover deleted files?
- Is a firewall and/or VPN connection useful when you already use 2FA to connect to your NAS? What are the possible risks of not using a VPN, for example, and relying solely on 2FA with QuickConnect?
Thanks! :)
Thanks! Snapshots are generally for file recovery - don't think deleted files, think accidently updated files or more severe things like ransomware and being able to recover from them. A VPN is significantly more secure - it's the difference between the NAS being accessible (and thus, attackable) to the entire world and not being accessible to the entire world.
Excellent security reminders! An idea for a future video perhaps could be one on Hyper Backup and versioning vs single backup options - especially for the versioning and how the software to access versions works on desktop machines. You may have already touched on this on your past videos? I’m in the process of working this out now as I want to be able to access my versions in the advent the NAS storage pool was to fail.
Thanks! I do have an older Hyper Backup video that I think shows the Windows application and viewing files, but I might be mistaken. I have something similar coming up soon (I hope)...just need to refine the idea a little! Thanks for watching!
@@WunderTechTutorials awesome, look forward to your video, as with all of them, extremely precise and helpful
Thanks for the video... Very well put together.
Sadly for me.... I have far to much data for the cloud backup services to be a cost effective option
35TB of data would be so expensive I could buy a 2nd 1522+ in a few months
Maybe next year I will buy the expansion unit and back up to that.
That's kinda what I did. When I bought my new NAS, I put my old one at a relatives place and backup with vault.
@@Steve_Just_Steve I second that. In my case, it's in my detached garage. On the same property, but at least it's out of the house where the main NAS is located.
Thanks! Definitely agree - a second NAS is the best option for users with a lot of data.
The tech goat 🐐- thanks again for your knowledge. Do you know what the best external USB drive is for hyperbackup? I tried using an external enclosure with a seagate 8tb drive and it keeps disconnecting. I have the ds923+
Thank you! Before you purchase a new one, there's an option that's available when you create the task that says something like "remove destination external device when backup finishes". Do you know if you enabled that? If you did, the external HDD will unmount every time the backup finishes. Unfortunately, I think the only way to disable that is to recreate the backup task, but it will stop the HDD from disconnecting and is definitely the first thing to check.
If that still doesn't work, I have always used WD EasyStore and haven't had any problems with them.
@@WunderTechTutorials Oh, sorry I should have been more clear. When I say it keeps disconnecting, it does within the first 1-2 minutes of being plugged into the NAS. And the only unreliable solution is to plug in a usb-hub and then plug the external drive into the hub. It lasts longer than a minute, but still not long enough to complete a hyperbackup. I already opened up a ticket with Synology but they aren’t helpful. Is synology NAS really that picky for which type of external drive is being plugged in? Seems a bit crazy. I tried all ports. And even tried a different enclosure.
@@JBehrMusic Got it! Sorry for the confusion. In that case, have you tried to update the firmware on the eHDD? You won't be able to do it on the NAS (assuming new firmware even exists), but you should be able to do it on a PC/Mac. www.seagate.com/support/kb/firmware-updates-for-seagate-products-207931en/
To answer your initial question though, I use WD Easystore drives and never had problems, but I'd try and get the problem solved if possible so you don't need to buy a new one.
I would say there’s a best drive over say, all should work fine regarding backups to it from the NAS. I’ve found getting the cheapest slower spinning drives like WD Blue very affordable and as it’s for backup speed isn’t of the essence here (they still achieve around 160mb/sec)
Regarding the firewall and being exposed to the internet... I connect to my Synology remotely with Tailscale which doesn't need to forward ports. Would you use the firewall ?
The firewall is tough from a suggestion standpoint, because I do use it but I acknowledge that it's not necessary for most. If you want to use it simply to keep yourself in check like I mentioned in the video, I think it's a great option. The only other thought would be if you have multiple Tailscale clients and only want certain users to access the NAS. If you don't want to use it for either of those reasons, I'm not sure I'd go crazy implementing it, but it's not a "bad" thing to implement by any means.
For me, I disabled the firewall feature on my Synology NAS'es as I find it redundant and unnecessary since I already have a hardware firewall managing my entire network (including my Synology NAS'es) In fact, it was the culprit of my recent troubleshooting of why I can't access one of my NAS'es when using VPN. I forgot to disable the firewall on one of my Synology NAS'es and it was treating the VPN IP as a foreign one due to the way I have the Synology firewall rule set up. 😅
Any nas 20+/xs or newer has immutable support, 7 day retention immutable snapshot is probably be fine for most (14 to 30 day if your experienced with managing space or business use) enable 2fa everyone (people recantly getting there nas compromised because dsm is available to the internet)
How do I restrict access to my NAS so only 3 specified devices I have will be able to access the NAS? I tried using commands in DD-WRT and I tried establishing an allow rule for the 3 devices then a deny rule for all others, placing the deny rule at the bottom of the rules list. Neither of those methods were successful in blocking access from other devices, whether internal to my network or not. The command I used in DD-WRT were rules for iptables.
I don't have any experience with DD-WRT, but you should be able to do it in Synology's firewall. If it's not working, confirm if it's using IPv4 or IPv6 as it might be connecting via IPv6.
What about changing your SSH port instead of disabling it?
Good option if you want to keep it enabled!
It's very tricky to lock down while still enabling single services on the Synology such as Surveilance Station - by default you are forced to keep DSM access open for the DSCam app to work. I struggled quite a bit with the security settings on the NAS and firewall to get this to work properly (basically you have to define custom SurvStation ports to differentiate them from DSM)
Yes, those login portals end up being very important. Glad you got it working!
Best to just use a dedicated Synology nas for surveillance station (why I got NVR1218 it's old but works perfectly fine with 4 cams as it includes 4 licenses, normally it's 2)
If Hard Drives fail…where is the snapshots and restore backup stored?
On the hard drives, so snapshots are used as a first layer of defense but that's why backups must be configured.
@@WunderTechTutorials ok I see…thanks 💯